In predicting what will transpire in cybersecurity in 2023, the best method is to look at past experience. As with any security and criminal activity, threat actors tend to build upon what they have done in the past, adding new twists to keep their tactics fresh and effective.
So, taking this into consideration, it is no surprise that Trustwave's security experts see much of the same type of attacks that plagued 2022 continuing. Ransomware shows no signs of abating, attackers will target operational technology, and security teams will be forced to do more with less financial support.
The major differentiator from last year is the Russia-Ukraine War. The war has not only caused unmeasurable levels of human suffering but is the fulcrum on which a large cyberwar is being fought between the two opponents. This war has manifested itself through attacks centered on each nation and in some cases, striking targets in countries supporting their enemy.
In case you missed it, please take a look at Trustwave 2023 Cybersecurity Predictions: Part 1.
If the war in Ukraine continues into 2023, it will continue to demonstrate how combatants use cyberwarfare in modern conflicts. So far in this war, we have seen everything from the use of DDoS attacks to disrupt government, military and major civilian sites and services, to infiltration into networks for espionage and destruction. In addition, opponents will use social engineering against soldiers and other government servants for espionage purposes to collect information such as unit location or battle plans.
Outside of that conflict, ransomware attacks will continue to grow, both in number and financial impact. The average ransom fee will likely cross the $1 million threshold, and almost any company in Western countries may experience ransomware and supply chain attacks.
As more companies migrate their systems to the cloud, it will likely become an even bigger target in 2023. While systems are often better managed in the cloud (for example, in terms of patching), data that used to be protected on-premises will become accessible from the internet, creating new opportunities for cybercriminals.
We will see threat actors exploit many new zero-day vulnerabilities along with more sophisticated, interactive phishing attacks. In addition, cybercriminals will benefit from an ever-growing library of tools and methods for infiltrating networks and computers. SCADA/OT environments will become a bigger target for nation-state attackers.
Chalking one up for the good guys, machine learning and artificial intelligence will be adopted by many security vendors, creating new challenges for cybercriminals: these systems can identify never-seen-before malicious indicators of compromise much faster than any response that relies on human analysis. That will push cybercriminals to find new approaches to keep the ROI of their activity.
Strong supply chain security and third-party vendor audits will be more critical than ever as ransomware groups take advantage of supply chain vulnerabilities. We have previously seen supply chains infiltrated in many credit card data breaches, where bad actors gained access to one vendor's system through a phishing attack and poor password management, giving them the remote access needed to deploy credit card stealing malware across multiple retailers. Now, ransomware groups are using the supply chain as an attack vector to strategically target vendor organizations on a massive scale.
If organizations do not audit and secure their use of open-source code, in 2023 we will see more malware delivered through open source, such as the 29 malicious info-stealing packages recently discovered, hidden in obfuscated code, on the Python Package Index (PyPI).
Open source is a common foundation for many organizations, but as easy as it is for IT administrators to download and use open-source tools for projects, it is just as easy for a bad actor to embed malicious code into an open-source project. Organizations need to think twice before downloading open-source tools and consider the associated risks. Wherever possible, do a thorough code audit to review and confirm the code is legitimate before using it in production systems.
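As an added example that is not part of the original post, the following first-pass audit helper uses Python's `ast` module to flag the constructs that typically hide a payload in an obfuscated package (dynamic code execution, base64 or hex decoding, and long opaque string literals). The thresholds, pattern lists and sample inputs are assumptions constructed for this example; flagged files still need a human review.

```python
"""Static triage of Python package source for obfuscation indicators."""
import ast
import base64
import re
from typing import List, Tuple

# Assumed pattern lists and threshold for this example; tune per audit.
DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}
DECODERS = {"b64decode", "b32decode", "unhexlify", "decompress"}
LONG_LITERAL = 200  # chars; long opaque strings frequently carry payloads
B64_RE = re.compile(r"^[A-Za-z0-9+/=\s]+$")


def _call_name(node: ast.Call) -> str:
    """Bare function name for exec(...) or base64.b64decode(...)."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def scan_source(src: str, filename: str = "<string>") -> List[Tuple[int, str]]:
    """Return (line, reason) findings for suspicious constructs in src."""
    findings: List[Tuple[int, str]] = []
    try:
        tree = ast.parse(src, filename)
    except SyntaxError as exc:  # heavily mangled code often fails to parse
        return [(exc.lineno or 0, "unparseable source (possible obfuscation)")]
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DYNAMIC_EXEC:
                findings.append((node.lineno, f"dynamic code execution via {name}()"))
            elif name in DECODERS:
                findings.append((node.lineno, f"payload decoding via {name}()"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            text = node.value
            if len(text) >= LONG_LITERAL and B64_RE.match(text):
                findings.append((node.lineno, f"long base64-like literal ({len(text)} chars)"))
    return findings


# Constructed samples: a benign stand-in for a dropper stub (the encoded
# payload is only a print statement padded with comment characters) and a
# clean module that should produce no findings.
_PAYLOAD = base64.b64encode(b"print('hello')" + b"#" * 200).decode()
SAMPLE_SUSPICIOUS = f"import base64\nexec(base64.b64decode('{_PAYLOAD}'))\n"
SAMPLE_CLEAN = "import json\n\ndef load(path):\n    with open(path) as fh:\n        return json.load(fh)\n"
```

To audit an unpacked sdist, run `scan_source(p.read_text(), str(p))` for every `p` in `Path(pkg_dir).rglob("*.py")` and review each file that returns findings.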
CISA will continue to take on more responsibility for cybersecurity at federal civilian agencies, and we expect more funding to implement CISA requirements on agencies, such as Binding Operational Directive 23-01, which focuses on asset discovery and vulnerability enumeration. This will drive more focus on where the data lives and a new prioritization of vulnerability scanning of databases.
Government agencies will continue to focus on preventing ransomware. To do so, we will see reporting requirements for ransom payments expand beyond government and critical infrastructure to other victims.
Federal agencies will push for additional funding for the Technology Modernization Fund. The demand remains high, yet there are insufficient resources to implement needed cybersecurity improvements.
Finally, we expect a renewed focus on broader privacy legislation and an expanded use of EDR in civilian agencies as President Joe Biden's Executive Order on Cybersecurity continues to be implemented. This EDR expansion will drive the need for Managed Detection and Response partnerships to ensure the data created has additional threat operations support and review.
In 2023, I expect exposure management to become more important. Exposure management is a set of processes and capabilities that allow enterprises to continually validate the visibility and vulnerability of their digital assets. As it becomes more vital for organizations to see themselves through the same lens as an attacker, so the proper defenses can be installed, more companies will implement an exposure management program.
Another key theme for 2023 will be the shift within organizations toward being proactive, rather than waiting until they are breached before making cybersecurity changes. Part of this process will include organizations validating their security controls using breach and attack simulations to answer the question of whether they are in fact secure. Breach and attack simulation programs answer the question: "How would an attacker take advantage of any security gaps and risks?"
I don’t expect to see a slowdown in the adoption of managed security. For most organizations that are serious about their security posture, it’s now more obvious than ever that they can’t do it alone – they need an experienced cybersecurity partner.